{
"type": "bundle",
"id": "bundle--577a5b2f-5a3c-4565-b847-40e6950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-04T13:17:21.000Z",
"modified": "2016-07-04T13:17:21.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--577a5b2f-5a3c-4565-b847-40e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-04T13:17:21.000Z",
"modified": "2016-07-04T13:17:21.000Z",
"name": "Malspam 2016-07-04 (testrun, subject 'Scanned image'), .docm",
"published": "2016-07-04T13:18:03Z",
"object_refs": [
"indicator--577a5b63-e5b4-4c3b-8212-4100950d210f",
"indicator--577a5b63-286c-49ed-a2b0-4d74950d210f",
"indicator--577a5b64-7c30-4096-a35a-4aad950d210f",
"indicator--577a5b7b-ae4c-40dc-9ba1-48df950d210f",
"indicator--577a5b7c-d050-4a8f-8446-48cf950d210f",
"indicator--577a5b7c-d628-4ce6-83f5-4469950d210f",
"indicator--577a5b7c-45ac-4d52-a6f7-4321950d210f",
"indicator--577a5b7d-60f8-4750-a4c6-4742950d210f",
"indicator--577a5b7d-995c-4e4b-be20-4922950d210f",
"observed-data--577a61e1-7bb8-4c8d-ac36-44ae950d210f",
"email-message--577a61e1-7bb8-4c8d-ac36-44ae950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--577a5b63-e5b4-4c3b-8212-4100950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-04T12:49:39.000Z",
"modified": "2016-07-04T12:49:39.000Z",
"description": "download location",
"pattern": "[url:value = 'http://greatlakessawingsolutions.com/nb4vervge']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-04T12:49:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--577a5b63-286c-49ed-a2b0-4d74950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-04T12:49:39.000Z",
"modified": "2016-07-04T12:49:39.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'greatlakessawingsolutions.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-04T12:49:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--577a5b64-7c30-4096-a35a-4aad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-04T12:49:40.000Z",
"modified": "2016-07-04T12:49:40.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.166.6.15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-04T12:49:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--577a5b7b-ae4c-40dc-9ba1-48df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-04T12:50:57.000Z",
"modified": "2016-07-04T12:50:57.000Z",
"description": "maldoc",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-04T12:50:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--577a5b7c-d050-4a8f-8446-48cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-04T12:50:24.000Z",
"modified": "2016-07-04T12:50:24.000Z",
"description": "maldoc",
"pattern": "[file:name = '04-07-2016_rndnum(4,9)}}.docm' AND file:hashes.SHA1 = '0250db9c1bb29902f1b56a67381d36caa21b50b3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-04T12:50:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--577a5b7c-d628-4ce6-83f5-4469950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-04T12:50:44.000Z",
"modified": "2016-07-04T12:50:44.000Z",
"description": "maldoc",
"pattern": "[file:name = '04-07-2016_rndnum(4,9)}}.docm' AND file:hashes.SHA256 = '5b353b4cd8c2be450542ced95419cda4c51ad5d2c008d011a6444d37fa8d952b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-04T12:50:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--577a5b7c-45ac-4d52-a6f7-4321950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-04T12:51:02.000Z",
"modified": "2016-07-04T12:51:02.000Z",
"description": "Locky",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAEJm5EgIKbX9ljoDAAA+BAAgABwANzFlNGVmMDgwODA2YmU1MjdhYzRjM2VjZjVhYTMzNzRVVAkAA3xbeld8W3pXdXgLAAEEIQAAAAQhAAAA6z3xiComwYT7XlS7v4ZR+e4KmM3DFHfPM8/FG0fqj9/pzw+Qh2/woFDFrvGSZnJXp+72Yyaf+FWQC6LygGT4OclntvvWvMv4Mwz5BuzzGzjO0PsPllLqIUSxDqAkDN5P7rlanJPHKkR+260U9v1C7O0NKiOxQ0NutkXUlgMFqiOsAqKcL+t3hySYRdg3CxRzo0AIt73ABgNHYDl0VJtBIdWSTxJTytrY6Xw4OX/baUXFgaDJGA0O5p4oJxRqCYOqDWZw08MvLaq8BXj/9/aVfk6W9iBfEcXIQz/RiwCZSW4XGTdWw76E5jsu5U3unlDs64ICXsdLR/U6ysM8ZY3xdpQPL0CX5RkAd21JSMKvu/dJBwan36QfbJO45kzV9OH3GigRUnO8buo7I+L4hN83nAUFEkZ4E1P/WdpRkeAnDzlevjl5p9/J3ha9ebYLJaKd9HkHpYhxf0fd1vL8N3+xP2YZJ6MJOZUN/7pfIe/pJcG4eyxCmzzNNWUbpG0vx7NtGHSB/PdZP0mET3h24xDdvReGgsOaBPJn1mSmKE1mbERVva3ZRZSuA8nTRqF5mjXdL3J0r/C4dZlWIs+kIiPG+qN+7Ab3SFW6VRnf/S/fnQ8dYcSsB7TE6rbj15nPWHJ6+2Y5ZlDESA648y0gZPe+Zp9xkTjQjrgrfEI7QFcqfvanV2iyzC70kFvnx5b3e8jDU/bBZJQKE49J+D26ytYvZiMBkt+LY7zR3x7yu2oy5B+EHxJmKT6DFY4TdkUkDZqALG3kpnqBNzE4UVKlhm2nK8ywaEl+1RhvWAnZSlZ85KmMVi4C2x5fiuSBTmMKTguNKofPyHCe3vCyug+wvQvoS/lVGlHSLhKfi7AZlC3CT1nCnEmE5LiTISF9nklWcSZef4mx9JBqhYwEwkC6P5ZHeR+zXGhH3P207IDjaM/U+DFyCaUBpUlKAj/Z9aiAp4/HniWcoXKLeykcRsTe6oIrYonQxbaUz/cyD67+DtnZBgKocUtr4tRxoMs0+G+iekVFntuSJe9wq/QjwCRU36crefc370a8QXW+PzPhO+kV1lA60I6QbmTDpVtVqNvnAEhmi/qS/8bx5X0nEHRBWh6NWIG3QNfDVX4Zc2FDPHplxqSSiyJEtEj3rrO5bftdIpeACXDVQVs0nHGBqqVaeMDec2LrlXHRajtCDZ1ndHzcf4+HC5yJC0p7MOUGa1u6n0hV8D1JzQeo8iNmC4XGmb99alnYTPqIJxZNdbJJnPls8auRj21ij4pTfp7zTYKgANtmj/r6qa5KFeqhPAVXZDMevZhsOkO510H4l0qNaD0TtvfOiO/AmqTGn1H2tYfzJFOIwl4f1Onh3hZi3Yvum/ONjYHsHE0h0L6pPUDM0dvftB6K6hD4vfaDmbeRK5MXG3nMmkk4Zj91TkN5n1TB+CxDsmtHBn4Cl+HZlpbwSzbNkwgbhUWeZXT+34Fiu0CZZqjmFV7mj7xrzs3T46VDv+8yuFiqpDIIZ7OZR6dTUwWsMQR5l/YB4KO3hQM8anHFEchA275ZTdiIEvHkJzn+Xc29cNG0BC+UiOWCcBmAHEDgVWj8M47z5nCRWI+bXKhmunEeB4w3JEXHMc7PYtQWSIaToEMY3TsNvlOi0JKcuwKMSJG1tg4Wvi1Q87w+on3MbjYpBKQRTQt5VMkXXVc+UPXE+43cJDgrAbkcUYWUoaXaxIU0rmo4UG8X3HIcFAu2QG9PAzk2yP3XjoTlL1yXa0kwLaF07QN21Rax6FZRBbyCaeLEVPfmrGQeVgMx0nscy5SpROVdzep1zQKaaHbTFm5FPBdp/BWFaXFKpE7RRRhxkWg
lZL8i6ADkzq23POwBFoWgR79jo08/w9hSGTYn+qWaoxEDCwXzUA6d6bXhTvQZUfngmG7Ce8B4HDXii5cH9gZLnFEGNOeGljjfYj0UkTDhYkoucZGSuVQFNC1xzPBXvzIubXEV72Vhoe/H/lIPBSUwv0FjxATg0w+e+rmIECtPWF38acJdPJ1GIFoHD5GUiFcoTOgVdMriZHb/FOojR4Ys6C4zsjFVkhhvaV8Fkxj1jx1ZytBIjlOiGRHVGImyIvow0diA6TQFL0sn4EoDJORa2ekqp90xeui4wcn5piKc1wmfd0iwnVXWezljb9dAfR/dSjMV8F45SECZBudpLitjNfGcwPQF/awiA0U3r3z+MrlcJ4BmUab0ku3QyDF/hNhQsOHNyhf7BgjO+PiiXpyFkrfFShZOCfZCA+YVkEUMFOoYUJaYDn3MpQ1A14gB5x88IVv+KuZDyunI2HEiUtkPo0ehLK/BiZ19O0+ibWsPA8xCZdBK1nb/pmJ7wnN9qRXArQFN1utA47g9Nxj6sdjPGveZoo0kpKYCuslrYkUHdGiGqfWJStqjiuAKekVGDQDn4uo0RbaEirHplt3ocwVH0fPc5UtubO/bCKatwoJZxs4ms/gn5LL+k4wPHG+b6eiA70Zv+4Ft6amtc6vfNsyNCV7NuoG+g6Q8N0F4OMkNkWYwopK5a6CmDqg3JytbunFnlIgOQimsIAwljD+lreI+WdfI64f1d68HahKfWEhmxVlLCbfvIfcsafuCczNhaK3dl1yFTYg7ks2qIEPxQnjhUpYFvsvQNmJm4bsDhRQeUDQUMsnl1Es+ILEZCAGhmUBmNsAvFROvvrELQACfFs/Mee1fALGVdbbU4+irlkFg5RUDdmGzp5ea22+z2ZZ9ldgQmmKQ+H50R2sDOSKdn6YWDdiA0WHfB80qNaPKEf9zHAhBpq5yfBZD/HZWYnZx7j1TMo9nnt7DEz19ENDCRebPo1a4xZdBNlgbmYTclnWCR43DNsNJ9I16a9JaNG7I6EvPLgrNDB5Ea6XouLiVEIrPFIS27usq+2fEgUnEMOqmz8yG1kAlQn+Rkpc3TN3dP0Qv0ZXuIRx048IT/lsVFpEQqmTcyP81ECbrLCrjuuZkDXI2tBcCZSXbmpr1crz9lIWDGZZeG+y5oiftDpPkZk6TGMUXRe7257rGsI9ij7M60RCK//4s8A+qaRvyW1mrR155rHF5hlSaMUU9CcgUNePf5PDjXsGDYtOo6aLwjmtq8DpK2tQjaPBvsz8RGywptWXW3ochs3TtZXGxVoMxC2QpLBfhnbsOXZ4Maq2a4venRctKojv6u5cs4yeoxnYTF13GZ1P2fo9Wigj8RN9eMHFk6RBnVeQUWWFclzB8HZlujvY6mP6nt6M2oaBqbWQTR2ft3pt2xY3qhgTu11vyGh43kocToFAx6f5krRuZEqmDtga08gWEc3kRV1RhvY2pxR+L0qtNr+PkdDpV0EpuiPM0kO9yYo9qTWO3yIKthC6IOty/6z07FUiEaStQKys1hAxU6U/KXa/qL2bfROtPxbjdz17z7dutLA4wUuOAQPfBCVdNUVy8ylLkSKzS36Klz2BjrdEK9UWoLLZTmAgK86IhBkkyxA1oD1c0kPQ46r1H8xIEao3BBmxAs/Bw19CRbbPpSRVyiYYVZh9dPGVGjUU+Y9kA2GTiBNA2d1hEwCmfk0IaiBkEfAgdPvsibVDOPlZJDcis5OxmABJ5M5c8ggTX/NM44/WJkBmJrmKKFZT7KD3MkqLmDPLg4nWvLPAJod5iO/PluK6JpD9uptiXWzirkw/N5xWI92QpzcrLNu8ntBczQ51I6/+syrVlUCD2nJnUsF8BRPQGY+ZTRz3TLafCkOD+/mNxsKtWBJpGjjAmmZwzZ1mEOTNiLXH0pckKwh8Rri1hJhpMk0S8XXR8S+hGTJiKluo4Qt6JiiwlB2ZcKMa+qoJF8Wbl96Ja4/AvI+NhCoJJLyuC9MO6VZd
Uk4OWyuhUlXArtCnC79FwsIjtNTHm4y17VC5ISA1j2ZD6/8+tXSEO+0dAYcvwD8OWW4rsWPSkMEgi4T35E8
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-04T12:51:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--577a5b7d-60f8-4750-a4c6-4742950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-04T12:50:36.000Z",
"modified": "2016-07-04T12:50:36.000Z",
"description": "Locky",
"pattern": "[file:name = 'nb4vervge' AND file:hashes.SHA1 = '741fd7484a47a5b6dbd56cb0900b1fd64f539175']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-04T12:50:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--577a5b7d-995c-4e4b-be20-4922950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-04T12:50:52.000Z",
"modified": "2016-07-04T12:50:52.000Z",
"description": "Locky",
"pattern": "[file:name = 'nb4vervge' AND file:hashes.SHA256 = '0f3f32f5e9ef01c95c1e7c459fb1ddbaec9fe64382bab16893196e156ea8afad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-04T12:50:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--577a61e1-7bb8-4c8d-ac36-44ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-04T13:17:21.000Z",
"modified": "2016-07-04T13:17:21.000Z",
"first_observed": "2016-07-04T13:17:21Z",
"last_observed": "2016-07-04T13:17:21Z",
"number_observed": 1,
"object_refs": [
"email-message--577a61e1-7bb8-4c8d-ac36-44ae950d210f"
],
"labels": [
"misp:type=\"email-subject\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--577a61e1-7bb8-4c8d-ac36-44ae950d210f",
"is_multipart": false,
"subject": "Scanned image"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}